With the recent rise in virus and worm attacks, industry efforts have emerged to harden computing devices coupled to a network against these attacks and also to install measures for protecting the network from attack-prone computing devices. This has resulted in a number of industry initiatives to define proprietary and standards based network security frameworks and communication protocols. When employed, these standards based network security frameworks may contain or counteract virus or worm attacks. Additionally, the Institute for Electrical and Electronic Engineers (IEEE) and the Internet Engineering Task Force (IETF) standards bodies have defined or are in the process of defining communication protocols which may be leveraged to provide additional network security. These industry initiatives seek to provide strict access control for computing devices to connect to a network.
Countermeasures defined to protect against network attacks have primarily taken the form of Open Systems Interconnection (OSI) layer 2, IEEE 802.1X communication protocols. See IEEE 802.1X-2001, published Oct. 25, 2001 (“IEEE 802.1X”), and/or later versions. These communication protocols typically leverage IETF defined Extensible Authentication Protocol (EAP) and associated derivatives to determine a computing device's credentials, before the device or any element residing/operating on the device is allowed access to the network. See IETF, Network Working Group, Request for Comments: 3748, Extensible Authentication Protocol, published June 2004 (“RFC 3748”), and/or later versions.
Once initial authentication has been performed (e.g., via IEEE 802.1X and/or RFC 3748) and a computing device has been granted access to the network, an additional protocol may be executed which maintains a secure communication channel over which all subsequent data is carried. This secure communication channel offers cryptographic services such as data origin authenticity and data confidentiality. As a result, the most predominant security threats are likely prevented or contained. For wireless network access, this secure communication channel may operate in compliance with IEEE 802.11i-2004, published July 2004 (“IEEE 802.11i”), and/or later versions. For wired network access, the secure communication channel may operate in compliance with two related specifications to IEEE 802.1X. The first is IEEE 802.1AE, Draft 5.1, published January 2006 (“IEEE 802.1AE”), and/or later drafts or revisions. The second is an amendment to IEEE 802.1X, and is IEEE 802.1AF, Draft 0.4, published January 2006, (“IEEE 802.1AF”), and/or later drafts or revisions. Additionally, OSI Layer 3 and Layer 4 industry initiatives for secure communication channels also exist. These OSI Layer 3 and Layer 4 initiatives include one for Internet Protocol Security (IPsec)—IETF, Network Working Group, RFC 2401, Security Architecture for the Internet Protocol, published November 1998 (“RFC 2401”), and another one for Transport Layer Security (TLS)—IETF, Network Working Group, RFC 2246, The TLS Protocol Version 1.0, published January 1999 (“RFC 2246”).
Regardless of the efforts taken to harden computing devices against virus and worm attacks to protect a given network, research has shown that within a typical corporate wired network, the majority of security breaches stem from inside the network. These breaches may be intentional or as a side affect of negligence on the part of the user of a computing device. For example, in today's environment, many users have mobile computing devices (e.g., notebook computers), which are used within the corporation, as well as from the home. Within the corporation, some degree of control may be enforced for accessing network resources. However, when the typical user connects a computing device to the Internet from an external source (home, hotel, Internet cafe), he/she may inadvertently download a virus/worm when visiting an insecure site on the Internet. This virus/worm can be transferred to the corporate network at the computing device's next connection to the network. Even within the corporation, policies may not always be enforced—e.g. a user not always updating the latest anti-virus data file from the corporate site. Thus exposing the network to possible attacks by new viruses or worms.
Traditional technologies allow validation of the identity and state of a computing device (e.g., via integrity or posture measurements) after an access request to the network is initiated. The IEEE 802.1X model provides a framework for carrying additional protocols such as EAP, which provide capabilities for exchanging a computing device's authenticated identity and posture information prior to allowing at least some access to the network. This aids in controlling any malicious device/software from entering onto the network, without prior evaluation. This is achieved by providing a security solution at the lowest common denominator of the network stack and performing authentication before a computing device is allowed to acquire an IP address. However, unauthorized or rogue agents may still gain access by mimicking an authorized computing device or spoofing the authentication process.